Fix issues with clamav not being able to be updated

v1.7.0
GoogleCloudPlatform · Jun 7, 2022 · 78f38d7 · 78f38d7
1 parent 1a662ed
commit 78f38d7
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ Run and Eventarc.
 * 2021-11-22 Remove requirement for Project Viewer permissions.
 * 2022-02-22 Fix node-forge vulnerability.
 * 2022-03-01 Support larger file sizes (up to 500MiB)
+* 2022-06-07 Fix issue where clamav cannot update itself on container start
 
 ## License
 

diff --git a/cloudrun-malware-scanner/Dockerfile b/cloudrun-malware-scanner/Dockerfile
@@ -15,10 +15,20 @@
 FROM node:16
 WORKDIR /app
 COPY . /app
+# The setup script both adds and removes clamav.
+# This is so that the clamav prerequisites are installed here
+# but the package will actually get installed by bootstrap.sh
+# when the container starts.
+# This is because a) clamav cannot be installed only when the
+# container starts due to some things not working in the container
+# runtime, and b) clamav cannote be re-installed or updated when
+# the container starts due to some wierdness relating to symlinks
+# in the container runtime.
+#
+# https://github.com/GoogleCloudPlatform/docker-clamav-malware-scanner/issues/32
 RUN apt-get update && \
+    export DEBIAN_FRONTEND=noninteractive && \
     apt-get install clamav-daemon -y && \
-    npm install --only=prod && \
-    freshclam && \
-    echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
-    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.conf
+    apt-get autoremove clamav-daemon -y && \
+    npm install --omit=dev
 CMD ["sh", "bootstrap.sh"]
diff --git a/cloudrun-malware-scanner/bootstrap.sh b/cloudrun-malware-scanner/bootstrap.sh
@@ -17,8 +17,11 @@
 # Log commands, and exit on error.
 set -x -o errexit
 
-# Check for clam updates on container startup
-apt-get update  && apt-get install clamav-daemon -y
+export DEBIAN_FRONTEND=noninteractive
+
+# Install up-to-date clam version on container startup
+apt-get update
+apt-get reinstall clamav-daemon -y
 
 # Get latest definitions
 freshclam
@@ -29,7 +32,7 @@ freshclam
 
 # Note: clamav takes the _first_ config value found in the file, so first
 # remove any existing values, then append the new values.
-grep -vE "^(StreamMaxLength|MaxScanSize|MaxFileSize|MaxRecursion|MaxFiles)" /etc/clamav/clamd.conf  > /etc/clamav/clamd.conf.new
+grep -vE "^(StreamMaxLength|MaxScanSize|MaxFileSize|MaxRecursion|MaxFiles|TCPSocket|TCPAddr)" /etc/clamav/clamd.conf  > /etc/clamav/clamd.conf.new
 cat >> /etc/clamav/clamd.conf.new << EOF
 # This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file.
 StreamMaxLength 521M
@@ -48,6 +51,11 @@ MaxRecursion 16
 
 # Number of files to be scanned within an archive, a document, or any other kind of container.
 MaxFiles 10000
+
+# Port and bind address for clamav daemon
+TCPSocket 3310
+TCPAddr 127.0.0.1
+
 EOF
 mv -f /etc/clamav/clamd.conf.new /etc/clamav/clamd.conf
 

diff --git a/cloudrun-malware-scanner/package.json b/cloudrun-malware-scanner/package.json
@@ -1,6 +1,6 @@
 {
   "name": "gcs-malware-scanner",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Service to scan GCS documents for the malware and move the analyzed documents to appropriate buckets",
   "main": "index.js",
   "scripts": {